I have a page that should only allow ‘POST’ headers but it currently accepts all.
This is the code I already have.
The echo displays the method used when testing with Postman, no matter what method I use I get a 200 OK result.
Do I need to add anything further into .htaccess or Apache config?
// required headers
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With");
echo ($_SERVER["REQUEST_METHOD"]);
2
Answers
To only allow
POST
request, you could add this into the htaccess file :Edit
Or you could do it on the PHP script :
Reference : PHP: Block POST requests
To check via PHP for allowed method and send out an individual error: